cliconfg.exe

  • File Path: C:\Windows\system32\cliconfg.exe
  • Description: SQL Client Configuration Utility EXE

Runtime Data

Window Title:

SQL Server Client Network Utility

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\cliconfg.rll.mui File
(R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.17763.1518_en-us_831447e1869d6513\comctl32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.17763.1518_en-us_831447e1869d6513 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1518_none_6d08fefc59f73326 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\SYSTEM32\cliconfg.dll
C:\Windows\system32\cliconfg.exe
C:\Windows\SYSTEM32\cliconfg.RLL
C:\Windows\System32\combase.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\System32\CRYPTSP.dll
C:\Windows\system32\dwmapi.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1518_none_6d08fefc59f73326\COMCTL32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: cliconfg.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/890d486f00726e694be483cdeef17a22ead2853d8d8c6d4bf1453d7cb44a6bca/detection/

File Similarity (ssdeep match)

File Score
C:\windows\system32\cliconfg.exe 57
C:\WINDOWS\system32\cliconfg.exe 75
C:\WINDOWS\system32\cliconfg.exe 60
C:\Windows\system32\cliconfg.exe 60
C:\Windows\system32\cliconfg.exe 57
C:\WINDOWS\SysWOW64\cliconfg.exe 65
C:\WINDOWS\SysWOW64\cliconfg.exe 63
C:\Windows\SysWOW64\cliconfg.exe 66
C:\Windows\SysWOW64\cliconfg.exe 63
C:\Windows\SysWOW64\cliconfg.exe 66
C:\windows\SysWOW64\cliconfg.exe 63

Possible Misuse

The following table contains possible examples of cliconfg.exe being misused. While cliconfg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
signature-base | apt_op_honeybee.yar | $x2 = "del /f /q %TEMP%\setup.cab && cliconfg.exe" | CC BY-NC 4.0
signature-base | apt_op_honeybee.yar | $x1 = "cmd /c taskkill /im cliconfg.exe /f /t && del /f /q" fullword ascii | CC BY-NC 4.0

MIT License. Copyright (c) 2020-2021 Strontic.